What our legislators should do about privacy (and aren’t)
I’ve been harping on the grave dangers of surveillance and privacy intrusion. Clearly, something must be done to rein them in. But what?
Well, let’s look at an older and better-understood subject — governmental use of force. Governments, by their very nature, possess tools for tyranny: armies, police forces, and so on. So how do we avoid tyranny? We limit what government is allowed to do with those tools, and we teach our citizens — especially those who serve in government — to obey and enforce the limits.
Those limits can be lumped into two categories:
- Direct — there are very strong controls as to when and how the government may use force.
- Indirect — there are also controls on how the government can even threaten the use of force. I.e., substantially all laws are ultimately backed up by the threat of governmental force — and there are limits as to which laws may or may not be enacted.
The story is similar for surveillance technology:
- As data gathering and analysis technologies skyrocket in power, they become ever more powerful tools for tyranny.
- Direct controls are called for — there is some surveillance the government is and should not be allowed to do.
- Indirect controls are also necessary — even when it has information, there are ways in which the government should not be allowed to use it.
But there’s a big difference between the cases of physical force and surveillance.
- The direct controls on the use of force are strong; under ordinary circumstances, government is NOT allowed to just go out and shoot somebody.
- The direct controls on surveillance, however, are very weak; government has access to all kinds of information.
And they’re going to stay weak. Yes, over the past two months political sentiment has swung somewhat toward strengthening them, and I fervently urge you to support that trend. But all you’ll achieve is a delay — a temporary roadblock on the path to tyranny. Ultimately, governments around the world will not pass up the ability to track communications, financial transactions, or the physical movements of their citizens — not in a world where some of the biggest security threats are or are believed to be from terrorism.
Consequently, the indirect controls on surveillance need to be very strong, for they are what stands between us and a grim authoritarian future. In particular:
- Governmental use of private information needs to be carefully circumscribed, including in most aspects of law enforcement.
- Business discrimination based on private information needs in most cases to be proscribed as well.
In addition, society at large needs to be tolerant of people’s peculiarities and failings. But that’s the least of my concerns, because I’m optimistic that we’re getting there. If you disagree, please consider this: The last three US presidents have been — at least in their pasts — a philanderer, a drunkard, and a cocaine user.
I lack the legal expertise to make very specific public policy recommendations. But the kinds of rules I’m envisioning include:
- Probabilistic profiling data should rarely be admissible in court. We don’t, as a society, need testimony of the sort “Men who drive red cars are 20% more likely to cheat on their wives.”
- Current rules against discrimination by employers, insurers, and credit granters should be strengthened. Every year, pro-worker and pro-consumer legislators should enact protections to offset the greater capabilities of discriminatory technology.
- “Attention” data such as website visits should rarely be admissible in court. This is a controversial view; after all, child pornography, file sharing, and terrorism can all in principle be “busted” by tracking website visits and the like. But I think it’s crucial that, as individuals and a society, we be free to at least think about and research anything we want to, without fear of adverse consequences.
- Private communications of all kinds should be … private. People shouldn’t be chilled from speaking freely. For example, email should receive the same protections as telephone calls or sealed letters. Generally in the United States, that’s a matter of legislation, since the Fourth Amendment is often interpreted more narrowly than I would wish.
- Criminal and other investigations should very rarely, if ever, be allowed to “look through walls”. Yes, infrared detectors and many other tricks are very useful to cops wanting to violate criminals’ privacy. Still, if such investigations became routine, then there would be chilling effect even upon what we do in the supposed privacy of our own homes.
Or to sum up — the only activities I want to see chilled by electronic surveillance are the actual planning and execution of terrorist attacks.* For anything else, I’m content with the imperfect but tolerable law enforcement vs. individual freedom balance of the past.
*And maybe also the kinds of organized crime and so on against which telephone wiretaps and bugs have been effective in the past.
Do I oppose direct controls on the surveillance, retention or communication of data? No (with limited exceptions, such as HIPAA’s life-costing effect on medical research). I just don’t think they’re enough; strong indirect controls such as those I outlined above are needed as well.
And it’s about time that our policy-makers figured that out.
Comments
5 Responses to “What our legislators should do about privacy (and aren’t)”
Leave a Reply
[…] This road leads to gray, totalitarian-like conformity. Fortunately, there’s still also a path to a brighter future. […]
[…] Great recommendations. What our legislators should do about privacy (and aren’t). […]
[…] overcome these myriad challenges. So why am I hopeful that use-based ones can? Well, consider the use-based privacy control guidelines I recently […]
[…] core arguments about privacy and surveillance seem as valid as […]
[…] What our legislators should do about privacy (and aren’t) (July, 2013). […]